CVE-2023-7320
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-29

Last updated on: 2025-10-30

Assigner: Wordfence

Description
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-29
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-29
EPSS Evaluated
2026-06-15
NVD
CVE-2023-7320
EUVD
EUVD-2023-60038
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
woocommerce woocommerce 7.8.2
woocommerce woocommerce 7.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the WooCommerce plugin for WordPress (up to version 7.8.2) is due to improper handling of Cross-Origin Resource Sharing (CORS) on the Store API's REST endpoints. This flaw allows any external origin to access these endpoints directly without authentication, enabling attackers to extract sensitive user information, including personally identifiable information (PII).

Impact Analysis

An unauthenticated attacker can exploit this vulnerability to access sensitive user data, including personal identifiable information, which could lead to privacy breaches, identity theft, or other malicious activities targeting affected users.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7320. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart